Acritum Femitter Web Server v1.03 is a Windows based HTTP server. This is the latest version of the application available. Femitter is vulnerable to remote arbitrary source code disclosure by the following means.
The vulnerability exists due to insufficient sanitization of user input in the 'require_once($ROOTDIR.'admin/functions/general.php')' parameter in the 'admin/includes/createemails.php' script. This can be exploited to include arbitrary files from remote locations by using a URL in the 'ROOTDIR' parameter in a HTTP request.
An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. The request contains a malicious URL in the 'rd' parameter which is used to include a remote file containing arbitrary malicious code.
Exploit for the ProFTPd mod_ctrls vulnerability. Stack Overflow in function int pr_ctrls_recv_request(pr_crls_cl_t *cl) unchecked buffer for arguments of the module. Connects to the unix domain socket and sends a string that is longer than the buffer (char[512]). Works on OpenSuSE 10.2 on i686.
A SQL injection vulnerability exists in the Redcat Media web application. An attacker can exploit this vulnerability by sending a malicious SQL query to the vulnerable parameter 'contentId' in the 'index.php' page. This can allow the attacker to gain access to sensitive information from the database.
SQL injection is a code injection technique that exploits a security vulnerability occurring in the database layer of an application. The vulnerability is present when user input is either incorrectly filtered for string literal escape characters embedded in SQL statements or user input is not strongly typed and thereby unexpectedly executed.
This PoC exploits a buffer overflow vulnerability in GPA.EXE, the executable for the GNU Privacy Assistant (GPA) component of GPG4Win. When a specially crafted PGP message is pasted into the GPA Clipboard, it causes a crash. The PoC does not seem to overwrite anything, even when the content is increased to 10,000+ characters.
A security hole exists in the current permission model under /proc/PID/fd, which allows a user to work around directory permissions in the background using the /proc filesystem.
This module abuses a metacharacter injection vulnerability in the HTTP management server of wireless gateways running DD-WRT. This flaw allows an unauthenticated attacker to execute arbitrary commands as the root user account.
This exploit is related to a race condition vulnerability in the connect() system call of Unix Domain Sockets. The vulnerability occurs when a listening socket is shutdown before the connect() system call is completed. This can lead to a denial of service or privilege escalation.